👀 Views: 854 💬 Answers: 1 📅 Created: 2025-06-07

oci cors api-gateway lambda JavaScript

I'm prototyping a solution and I'm refactoring my project and I'm trying to implement I'm currently working on an API Gateway in OCI that is integrated with a Lambda function as the backend... The API is supposed to handle CORS requests, but I'm running into issues where preflight OPTIONS requests are returning a 403 Forbidden behavior. I've ensured that the CORS settings in the API Gateway are configured correctly, allowing all origins and the necessary headers. Here’s a snippet of my configuration: ```json { "cors": { "allowOrigins": ["*"], "allowHeaders": ["Content-Type", "Authorization", "X-Amz-Date", "X-Api-Key", "X-Amz-Security-Token"], "allowMethods": ["GET", "POST", "OPTIONS"], "exposeHeaders": [], "maxAge": 600 } } ``` I've also set the following policies in the OCI Console under the API Gateway section: - Allow public access to the API - Allow OPTIONS method for the endpoint Despite this, when I perform a CORS request from my frontend app, I see the following behavior in the browser console: ``` Access to XMLHttpRequest at 'https://<api_gateway_url>' from origin 'https://<frontend_url>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. ``` I've tested the Lambda function independently, and it works correctly when called directly, returning the expected data. To troubleshoot, I added logging to my Lambda function but it never gets invoked for the OPTIONS request. Is there a specific setting or step I might be missing in the OCI API Gateway configuration to properly handle CORS preflight requests? Any insights would be greatly appreciated. This is for a service running on Debian. For context: I'm using Javascript on Debian. I appreciate any insights!